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Services 


API endpoints 


Machine-to-machine 
communication 
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Schedule to disable 
TLS 1.0 / 1.1 


e Chrome: Jan 2020 
* Firefox/Safari: March 2020 
e IE: First half of 2020 


TLS 1.3 is faster and removes support for 
insecure features and ciphers 


“a SSL Pulse 


The Good O Qualys. SSL Labs 
* No SHA1 or 1024 bit keys a AA 
SSL Pulse 


SSL Pulse is a continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled 


Th e Ba d ( E 3 5 % i n a d eq u ate) websites, based on Alexa's list of the most popular sites in the world. 
Monthly Scan: November 02, 2018 


Home Projects Qualys.com Contact 


* Expired certificates: ~5,200 


SSL Security Summary SSL Labs Grade Distribution 


° Expiring in the next 2 weeks: «4,500 
* Weak/Insecure cipher suites: -4,200 n» 137502 - 


* 1.296 


e SSLv2/SSLv3: - 15,000 64.3% 49,078. MM bis Ba eor stas sine 
secure sites -0.6% 7 тени 
° TLSv1 ‚0: ~99 000 (72%) AA көмө. 2% SS 
"A+. aA- 0% d , E 
88,424 1 \ 8.7 % (11,766 sites) j 


e RC4 enabled: ~22,000 (16%) 


+0.6% 


Current State of Most Organizations 


Limited 
Visibility 


95% of organizations 
don't know where 
certs are in their 
networks 


Limited ownership 
information 


The unknown is 
difficult to manage 


Expirations 
Missed 


Unplanned outages 


Many more "near 
misses” 


Compliance 


Certificates from 
unapproved CAs 


Responding to audits 
are manually 
intensive exercises 


Reliance on 
Manual 
Processes 


Spreadsheets are error 
prone and out-of-date 


Expensive, not scalable 
as certificates increase 


Troubleshooting issues 
is challenging 
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Ponemen 


The average Global 5,000 company 
spends about $15 million to recover 
from the loss of business due to 
a certificate outage! 


thttp://www.csoonline.com/article/2987 186/browser-security/expired- 
certificates-cost-businesses-15-million-per-outage.html 
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Challenges of Existing Solutions 


Visibility 
Point tools, increasing effort and ownership costs 


Scalability 
Operational silos 
Work in on-premises or cloud-only mode 


Require multiple or complex deployments to cover 
large environments 


Maturity 


Most solutions are off-the-shelf vulnerability-only or 
certificate-only “tools” 
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Introducing 
Qualys CertView 


Qualys Demo (quays.ad) т @ Z 


TOTAL CERTIFICATES 


Discover, inventory, monitor certificates 


28 
Discover, inventory, monitor host 
configurations & vulnerabilities 
Coverage across both on-premises and cloud Pou Sl  — 
environments AY а 

in 60 Days > тоова a a š - 
Renew certificates from the same platform CERTIFICATES BY HASHING ALGORITHM CERTIFICATES BY KEY LENGTH 
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Use Cases 


Outage Remediation Stop expired certificates from interrupting business 
p exp pting 
TEE Find out if your TLS configurations are 
וזו+ו‎ r . . 
following best practices 
Baseline Normal Usage/ Establish a baseline to be able to detect anomalies 
Full Visibility 


Audits and Compliance Achieve audit success and fast remediation 
Certificate Renewal Renew expiring certificates 
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Key Advantages of 
Qualys CertView 


CERTIFICATES BY EXPIRATION GRADES 


CERTIFICATES BY ALGORITHM 


CERTIFICATE INSTANCES BY PORT 


VULNERABILITIES BY SEVERITY 


TOP 5 CERTIFICATES BY COMMON NAME 


Qualys Cloud 
Platform 
Unified approach to detection, 


prevention & response across on- 
premises or cloud assets and endpoints 


On Premise 


DC 
LI 


Endpoints 


amazon 
webservices 


icrosoft 


m Mi 
MM Azure 


CertView Releases and Roadmap 


Q3 2019* 
den > March 2019 Assign ownership 
Scan Consolidation Report enhancements Enroll/Renew (Comodo/Let'sEncrypt) 


Certificate Validation 


- t Í | 


Feb 2019 June 2019* Q4 2019* 
CA Imports APIs Cloud Agent support 
Enroll/Renew (Digicert) piu Enroll/Renew 


Approval workflow (Entrust/Godaddy/EJBCA) 
Deploy on Apache/IIS 
ServiceNow CMDB integration 
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CertView is free, it's how you use it 
(or not) that will cost you! 


-Anonymous 
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Certificate View 
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Thank You 


Jimmy Graham 
jgrahamO qualys.com 


